DishNetwork.com Security Breach

shoelace

New Member
Original poster
Aug 1, 2007
4
0
I'm not really the letter writing type nor am I one to be unnecessarily scared of identity theft. That is until I realized how easy Dish Network was making it for its customers: I logged into what I thought was my account on dishnetwork.com, and I was able to see another customer's personal information! Here's the e-mail exchange I've had with them regarding their ugly cocktail of bad outsourced customer service and failed security measures. It's a shame, too, because the cable service itself is great. Everyone, please beware of accessing dishnetwork.com.

# # #

Mr. XXXXX:

I am extremely distressed and dissatisfied with Dish Network. I question both the security of your customers' personal and billing information and the integrity of your customer service after a nightmarish experience that remains unresolved.

On Saturday, June 30, 2007 at around 9 a.m. ET, I logged into my account at dishnetwork.com on my home computer using my username to see my current bill and check on the status of my HD programming rebate. At first, I was alarmed because dishnetwork.com informed me that my bill was past due, but I've kept my account current since opening it in April.

For some bizarre and unknown reason, under my own account, I was able to see personal billing information for one of your customers whom I have no affiliation with in any way, shape or form.

This person's home address, phone numbers, e-mail address, account number, credit card number and even their pet's name were at my
disposal. I have attached a copy of this information to this letter. Could this person see my own personal information and therefore steal my identity? Was this happening with other customers? What would cause such an obscene error?

When I called customer service and explained the situation, I was met with a blasé attitude and repeatedly told by the representative that she "didn't understand the situation" and "to call back in an hour" or "e-mail Dish Network customer service." After repeatedly logging in and out of dishnetwork.com and still being able to access someone else's personal information, I was completely untrusting of electronically communicating with Dish Network. Because of the dire nature of the situation – namely, identity theft – I refused to hang up until this was handled.

For nearly an hour, I repeatedly explained the situation, asked that the problem be resolved or handled and fully explained to me. The representative was unresponsive and evasive. Eventually, another female named Alex with the operator ID of KOB came to the phone and said that a new login and password would be created for me (although I don't understand how that will fix the problem) and that my situation would be forwarded to management and that I would receive a response via e-mail within the hour.

A day after sending this information via form letter on dishnetwork.com, I was separately contacted by two of your employees: XXXX and XXXX. I called each of them back and never heard a response ever again. It's a month later. No letter. No e-mail. No returned call.

Also, I never received credit for my HD programming rebate, the reason I logged onto dishnetwork.com in the first place. I would like this situation to be resolved. Until then, I will implore everyone I know to be weary of providing personal or billing information to DishNetwork.com.

Truly,
XXXX

# # #

Mr. XXXX,

Thank you for your email. I spoke with XXXXX regarding the problem you experienced. She informed me that the issue you were experiencing was resolved.

Our management team made multiple attempts to contact you, and never received a response. As soon as we were aware of the situation, we escalated it to our Executive Vice President of Operations, Vice President of customer retention, and our IT department to ensure a swift resolution.

Our IT department resolved the issue in a timely manner, found that this error occurred on a very limited basis, and ensured that it would not happen again.

You should not see this error any further. If you do, please let me know immediately so we can handle it as soon as possible.

Sincerely,
XXXXX

# # #

Mr. XXXXX:

Thank you for a swift response. I'm ecstatic to know the security issue was actually resolved. However, I take issue with the fact that you say representatives "made multiple attempts" to contact me and "never received a response."

I received exactly two phones calls, as previously specified, from XXXX and XXXX concerning this problem a day — not an hour, as specified by your customer service representative — after first reporting it.

I called each back and left messages for them on their voicemail. I also called XXXX, whose number Ms. XXXX left me in her voicemail. I never received a phone call back from any three of those people. And I never received an e-mail or letter.

I did, however, get my bill, which did not include the HD programming rebate, the reason I logged onto dishnetwork.com in the first place and, in turn, had my security compromised.

-- Why were my calls not returned? And why wasn't a letter or e-mail sent to me?

-- What steps has Dish/Echostar taken to verify the customers whose personal and billing information were accessible by other customers haven't had their identity stolen? Have customers been notified of this glitch on dishnetwork.com?

-- Where's my HD programming rebate? When I signed up for service, I was told it would be activated in one month. It's been four!

Truly,
XXXXX

# # #

Mr. XXXXX,

Thanks for the response. I'm told that your calls were returned by our management team. If we were contacting you via phone, we had no need to send an email or letter. But our management team did respond by phone.

By logging into your DISH Network account online, customers are not and were not able to see any Social Security numbers or complete credit card numbers. You would not be able to commit identity theft with just a name, address, and DISH account number. We take many steps to ensure that your personal information will not be compromised.

I will be happy to look at your account regarding the HD programming rebate. Please forward your account number to me and I will assist you.

Thanks,
XXXX

# # #

Mr. XXXX:

You were lied to by your management team. My voicemail messages to XXXX, XXXX and XXXX were never returned.

When I logged into what was supposed to be my account on dishnetwork.com, I was able to see XXXXXX's name, address, e-mail, phone numbers, pet's name, payment history and the last four digits of her credit card number.

Did Dish/Echostar ever take responsibility for this mistake and tell her and your other customers about this issue?

According to the Privacy Rights Clearinghouse, a nonprofit consumer advocacy organization, that's plenty of data to get the identity theft ball rolling. I mailed this information to your headquarters via certified letter yesterday.

In regard to the foremost issue, I refuse to send you my account number through e-mail. If you provide me with your phone number, I will call you tomorrow with that information.

Hopefully, I don't get your voicemail.

Truly,
XXXXXX
 
Last edited:
Hmm I have never had any issues with their site. Thats weird that you did not get a call from anyone at Dish.
 
I haven't either, but I guess it happens.
 
Overall this kind of sounds like a SCAM to me due to I have a hard time believing no one would call back. But I could be wrong.
 
Yeah I think this post might need to be deleted its got a bad smell to it.
 
Yeah my guess is that Dish did call back just no one was at home but who knows. But who knows like I said I have a hard time believing no one called back.
 
I went ahead and removed the names. But why should I care about their privacy when Dish obviously didn't care about the poor woman whose personal and billing information I was able to access when logging into my account, thanks to a glitch in their system. I don't think they even told her about it. And what about the others who don't know? Maybe you? I think there should be some accountability here.

Oh, and here's the deal with the calls: I e-mailed them since CSRs were unresponsive. They called me. I called them back and got their voicemail. I left messages for everyone. And then they never called me back. I've had far more success, as you can see, from e-mailing with this particular person. But the scary fact remains: We have no idea whose personal billing information has been breached.
 
Well it seems that got the issue addressed which could happen on any site. Either way I'm sure they probably got back to you as quickly has they could as would any company. As far as folks information being accused I'm sure that if Dish feel like folks information as been breached they will contact them. :)
 
This happened to me when I first signed up with the Dishnetwork.com site years ago. I thought I had saved the e-mail exchange, but I can't find it. It turned out to be a "funny once" in that the problem was corrected and I haven't seen it happen since then.
 
Wow, I thought this thing only happened to me (about 8 months ago) and never really made a stink about it cause it was corrected shortly after I called them about it (shortly being 1 day) and I received a phone call with an apology and programming credit.

Interesting to hear that it is still happening and has happened to more than a few people.
 
You can store your pet's name on Dishnetwork.com? Where? Even my real human family members are not listed anywhere!
 
You can store your pet's name on Dishnetwork.com? Where? Even my real human family members are not listed anywhere!

I am sure the PETS NAME is for verification if you forget your password and use the automated service to get your password sent to you. I doub't very much they send your pet any free PPV cupons.
 
shoelace: Do you have Caller ID ?? I don't doubt you when you say their management people didn't call you back but if you weren't home and they didn't leave a message.... If you have Caller ID, that tells you for sure if they tried to call.
 
I'm guessing it's part of the "security question" for when you forget your password.
Right you (and nebugeater) are! I checked. Picking your pet's name seems kinda dumb though, since pets can die or run off and get replaced. We are now two cats later than when we originally signed up for Dish. I guess if you're on the phone with a CSR, they'll let you try several possibilities...
 
Just use the same pets name, alive or dead. I'm using two cats ago. Which is great, since not even my friends know the name of the cat I had two cats ago, nor does my family remember for that matter. But I do. He was awesome! :)
 
I just wanted to say I have had expieriences with Dish where they claim to have called me at home and didn't. First of all I have caller id, secondly after no answer it automatically forwards the call to my cell phone, thirdly if i don't answer my cell they can leave me a voice mail. After telling them that they apologized and gave me credit on my account.
This all happened when I first got my VIP 211 and had to replace it 3 times and then had probs with ota hd channels.
 
***

Users Who Are Viewing This Thread (Total: 1, Members: 0, Guests: 1)

Who Read This Thread (Total Members: 1)